Cybercrime has been on the rise this year with the rapid shift to remote work and digital-first business. Cybercriminals pounce at the chance to target new victims with scams and phishing attacks as every major holiday, national event and even global crisis occurs.
As 2020 comes to an end, and with COVID-19 as the catalyst, organizations and their security and IT teams must prepare for the new age of business and the cybercrime that comes with it. Looking ahead, cybercriminals will continue to take advantage of the instability caused by COVID-19, and the role of the CSO will change as a result of this, causing more challenges for cybersecurity teams.
2020 Was the Year of Tactical Changes, Not Evolution
If any single word could describe 2020, it is probably disruption. The year was marked by profound changes to how people and companies operate day-to-day. This appears to have extended to the cybercriminal world. 2020 was perhaps the first year where we did not see a significant evolution of capabilities, but rather several tactical changes that focused on optimizing tools, operations, and ultimately payouts associated with the activity. Phishing didn’t get more sophisticated; it merely got more voluminous, and the lures changed from payroll errors and IT updates to pandemic news.
While capabilities targeting multi-factor authentication became mainstream, they were all developed in previous years and finally proliferated to a large and disparate enough group of criminals that it looked like a new trend rather than just a continuation of the previous year’s activity. Similarly, the global assault on VPNs and RDP was nothing new, with the exception of some new vulnerabilities leading to easier exploitation. This focus was merely a tactical change on the criminals’ end as more companies hastily implemented these technologies for business-continuity purposes and struggled to secure them due to the rapid change.
The plethora of new vulnerabilities led to a significant repurposing of existing capabilities by the cybercriminal community, which in turn has resulted primarily in stagnation of evolutionary or revolutionary new capabilities.
A Vaccine Won’t Save Business Security
The truth is, collectively, cybersecurity and IT teams are still failing to catch up defensively with many of the new intrusion methods from yesterday and yesteryear. That said, we can expect that cybercriminals will continue to take advantage of the instability caused by COVID-19 and of the ad hoc solutions deployed in response to it.
In 2021, state and federal governments will likely announce additional programs and monetary funds to help businesses recover from losses caused by the pandemic. Any new, large injection of money into the economy is accompanied by a rise in cybercriminal behavior. If the past provides any indication of the future, relief-related scams and fraud will likely follow these new programs, and businesses should be wary of unsolicited offers or instructions from organizations with which they have no history. If messages of this type seem authentic, organizations should independently research the organization or agency and, if legitimate, initiate communication through their official correspondence channels.
CSOs Have New Security Challenges Ahead
While some businesses had robust cybersecurity processes in place to secure remote work and remote access ahead of the pandemic, many found themselves ill-equipped to achieve the same levels of visibility and protection they had developed within traditional office environments. Ad hoc solutions and processes emerged to support business continuity in the short term. However, with the distribution of office and remote work now likely transformed forever, CSOs face the challenge of rebalancing their programs and budgets to support more complex, distributed, and heterogeneous environments for the long term.
Further complicating matters is the eventual push by some companies to return to the office once a vaccine is distributed. Just as the hasty, make-anything-work process created new holes in the security program’s awareness and prevention, a rapid return to the office is likely to leave behind some of that rapidly spun-up infrastructure. If businesses do return to the office in 2021, there needs to be a concerted and methodical plan to decommission or otherwise maintain the infrastructure that was spun up to deal with the change to a remote-first world. Abandoning this infrastructure, or not having a proper inventory of things that still persist but do not see regular use, is the equivalent of putting backdoors into your network for the adversary. The biggest challenge of 2021 for CSOs is going to be the return to normal.
Preparing for 2021 and Its Cybersecurity Threats
No matter the time of the year, every organization’s ultimate goal is to protect its employees and its sensitive information, which in turn protects its own reputation. Looking to 2021, and given the high chance that businesses will be recuperating from 2020 losses, many companies will still be at higher risk of being targeted by cybercriminals. Further, the reliance on recovery aid programs to bounce back will create additional opportunities for bad actors looking to leverage COVID-19 to personally profit.
As cybersecurity teams plan for the new year, it will be crucial for them to prepare for the potential increase in attacks and start planning for decommissioning hastily thrown-together remote infrastructure. In order to prepare, CSOs will need to evolve by taking on bigger roles to guide their organizations’ risk mitigation, business continuity planning, and contingency plans to identify, remediate, and protect against threats posed to their organizations.